Protecting a Ghost Town: How to Stay Secure When Your Staff is on Vacation

Posted on by Tony Bradley

The doors are locked. The lights are off. All through the office not a creature is stirring, not even a mouse.

Well, one can hope at least.

In a few weeks that's how most organizations will look. Business will all but cease, and many employees will be home celebrating the holidays with family and friends. Hackers, cybercriminals, and malware, on the other hand, will be putting in extra hours to try to catch companies with their defenses down and no one around to stop them.

Thankfully, there are a couple of things that you can do to tighten up security while the office is closed so that you can protect your data and network resources from attackers while your security staff is enjoying a well-deserved holiday vacation.

Minimize the attack landscape

There’s a simple tenet of computer and network security: If you’re not using it, don’t leave it on. For example, think of things like services and features in an operating system or drivers for devices you no longer use. This is sage advice all year long. The simple fact is that anything can be a potential attack vector, so it makes sense to leave as few opportunities as possible for cybercriminals to exploit.

When it comes to an extended office-wide shutdown, like the one many companies have over the holidays, you can expand this philosophy across the entire infrastructure. Most companies don’t shut down completely—there’s still some business being conducted, or at the very least there’s still a company website to maintain. Every system that isn’t actually being used, however, should be completely powered off.

Think of every single PC, printer, or other device connected to your network as a potential entry point for an attacker. If there is no one there using the PC, or printing on the printer, you can just shut it off—completely—so that there’s no possible way it can be exploited to gain access to your network. Critical servers and business applications will have to remain online, but you can significantly reduce the potential attack landscape by just turning off all of the devices that aren’t being actively used during the holiday break.

Suspicious activity

You can also improve your security over the holidays by being more vigilant about suspicious activity. When everyone is working actively on the network, it can be challenging to separate legitimate network traffic from potentially malicious traffic.

That job is greatly simplified when nobody—or virtually nobody—is working. In such situations, there is no “legitimate” traffic moving across the internal network, so any and all activity should raise suspicions. If Jim from accounting is at home relaxing with his family, then it’s easy to identify any network activity emanating from Jim’s credentials as a compromise of some sort.
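One way to turn this idea into a detection rule is sketched below. It is an added example, not code from the original post: the log format, closure dates, account names, and host inventory are all constructed assumptions. It flags any authentication event during the closure that comes from an account not expected to be working or from a host that should be powered off.

```python
import csv
import io
from datetime import datetime

# Constructed sample of authentication events (not real logs).
# Columns: ISO timestamp, account, source host, event type.
SAMPLE_LOG = """\
2023-12-22T16:40:00,jim,acct-pc-07,logon
2023-12-24T02:13:00,jim,acct-pc-07,logon
2023-12-24T02:15:00,jim,fileserver-01,share_access
2023-12-25T09:00:00,oncall-sec,soc-ws-01,logon
2023-12-26T11:30:00,svc-web,web-01,logon
2024-01-02T08:05:00,jim,acct-pc-07,logon
"""

# Assumed closure window and the accounts expected to stay active during it.
CLOSURE_START = datetime(2023, 12, 23)
CLOSURE_END = datetime(2024, 1, 2)
EXPECTED_ACTIVE = {"oncall-sec", "svc-web"}
# Assumed inventory of hosts that were powered off for the break.
POWERED_OFF = {"acct-pc-07"}

def find_suspicious(log_text):
    """Return alerts for activity that should not exist during the closure."""
    alerts = []
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue  # tolerate blank lines in the export
        ts, account, host, event = row
        when = datetime.fromisoformat(ts)
        if not (CLOSURE_START <= when < CLOSURE_END):
            continue  # normal business period, out of scope for this rule
        reasons = []
        if account not in EXPECTED_ACTIVE:
            reasons.append("account not expected to be active")
        if host in POWERED_OFF:
            reasons.append("host should be powered off")
        if reasons:
            alerts.append((ts, account, host, event, "; ".join(reasons)))
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG):
        print(" | ".join(alert))
```

Because the allowlist is short during a shutdown, the rule can alert on everything outside it instead of trying to model normal behavior.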

Security doesn’t really get a holiday vacation. In fact, holiday vacation periods are when security teams need to step up their game. That said, by reducing the systems available on the network to exploit or compromise, and by monitoring network activity, security teams can get the job done with less effort and maybe enjoy a little holiday downtime themselves. 

Tony Bradley



Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
